Auditing Oracle database activities - Why it's important
and how it's done

Oracle database auditing is the process of constantly monitoring and recording all the events taking place in your Oracle instance such as the

• SQL statements that are executed
• Creation, updation and deletion of tables, users or roles
• Modifications done to schema, objects and privileges
• Permission granted to or revoked from roles or users

Why is it important to audit your Oracle instance?

• To improve security posture: Auditing critical events predominantly helps in maintaining the security posture of your Oracle database. It will give you insights on:

  • What activity was performed
  • Who performed it
  • Where the activity was carried out
  • When the activity took place
  • Modifications made (DB values before and after the modification).

• To seal security loopholes: You can monitor unauthorized access attempts, privilege escalations, and data exfiltration carried out from your Oracle database.

• To enhance data security: You can also individually monitor the schema, tables, or rows containing sensitive information to enhance security.

• To identify and prune excess privileges: Privileges can be granted and revoked by closely monitoring the activities carried out by users.

• To conduct post attack analysis: The audit records can be used for investigation purposes, in case of an attack.

• To comply with regulatory mandates: Auditing your Oracle databases helps you comply with stringent IT regulatory mandates such as HIPAA, SOX, and GLBA that enforce strong rules to be followed by organizations handling data assets.

How do you audit Oracle database?

Oracle databases can be audited using one of the following ways:

• Standard auditing to audit general DB activities
• Default auditing to audit security related SQL statements and privileges
• Individual auditing of SQL statements, privileges, and schema objects
• Using proxies to audit SQL statements and privileges in a multi-tier environment
• Fine-grained auditing to audit events taking place at a granular level in the database.

Best practices to follow to ensure Oracle database security.

• While auditing permissions assigned to roles and users, ensure the principle of least privilege is adhered to.
• Enable and configure triggers for DDL and DML statements and logon/logoff events.
• Make sure default accounts in Oracle DB have been disabled or configured with only the necessary privileges.
• Revoke PUBLIC role privileges assigned to all DB users by default to restrict privilege escalations.

Are you efficiently auditing your Oracle database?

Default auditing in Oracle helps audit your DB to a certain extent, but you should use AUDIT and NOAUDIT statements to monitor important schemas, rows or tables specifically. Standard auditing can be done by enabling standard auditing in your DB and manually configuring the audit trail. To configure effective audit trails, you need extensive knowledge about your Oracle DB activities. You can avoid such hassles and make auditing easier by using a log management solution.

EventLog Analyzer is a log management solution that can collect, parse and analyze your Oracle DB logs and generate numerous intuitive reports based on the database activities. It monitors all the DB events and generates reports such as Created Databases, Dropped Databases, Altered Databases, Created Clusters, Dropped Clusters, Altered Clusters, Created Tables, Dropped Tables, Altered Tables, Selected Tables, Inserted Tables, Updated Tables and Deleted Tables to name a few. Real-time alerts can be configured for anomalous activities that notify DB admins via SMS and email in case of a security incident, threat or an attack. Click here to see EventLog Analyzer's Oracle auditing capabilities.